On Fri, 2018-10-26 at 11:38 -0700, Matthew Wilcox wrote:
> On Fri, Oct 26, 2018 at 11:11:18AM -0700, Bart Van Assche wrote:
> > On Fri, 2018-10-26 at 10:43 -0700, Matthew Wilcox wrote:
> > > On Fri, Oct 26, 2018 at 09:49:05AM -0700, Bart Van Assche wrote:
> > > > diff --git a/mm/rmap.c b/mm/rmap.c
> > > > index 1e79fac3186b..2a953d3b7431 100644
> > > > --- a/mm/rmap.c
> > > > +++ b/mm/rmap.c
> > > > @@ -81,6 +81,7 @@ static inline struct anon_vma *anon_vma_alloc(void)
> > > >  
> > > >  	anon_vma = kmem_cache_alloc(anon_vma_cachep, GFP_KERNEL);
> > > >  	if (anon_vma) {
> > > > +		init_rwsem(&anon_vma->rwsem);
> > > >  		atomic_set(&anon_vma->refcount, 1);
> > > >  		anon_vma->degree = 1;	/* Reference for first vma */
> > > >  		anon_vma->parent = anon_vma;
> > > 
> > > Why is this needed?  The anon_vma_ctor() already calls init_rwsem().
> > > 
> > > (I suspect this is one of those ctors that isn't actually useful and
> > > should be inlined into anon_vma_alloc())
> > 
> > Without that call I noticed that the "nolockdep" variable was sometimes set
> > when down_write() got called. Does that mean that it can happen that an
> > anon_vma structure is freed without releasing anon_vma->rwsem?
> 
> How strange.  The only call to down_write_nolockdep() you added (in this
> patch) was for the inode->i_mutex.  So how could that possibly affect
> the anon_vma->rwsem?  Are you seeing some kind of corruption here?
> 
> Maybe try initialising ->nolockdep with some 32-bit magic value,
> and reporting if it's not 0 or the magic value will lead to some kind
> of insight?
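Review bot: the added `+		init_rwsem(&anon_vma->rwsem);` under `if (anon_vma) {` re-initialises a semaphore that, as the reply points out, anon_vma_ctor() already initialises when the slab object is constructed, so running it again on every kmem_cache_alloc() hides whatever left ->nolockdep set instead of explaining it; an object returned from the cache with the rwsem still held (the case the thread asks about, a free without a matching release of anon_vma->rwsem) would simply have that state wiped. The hunk needs either a comment and a commit-message sentence stating why the constructor-time initialisation is insufficient here, or it should be dropped until the origin of the stale ->nolockdep value is understood.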
Hi Matthew,

If I remove the init_rwsem() call shown above from mm/rmap.c the following appears in the kernel log:

WARNING: CPU: 1 PID: 143 at kernel/locking/rwsem.c:102 down_write+0x4d/0x60
Modules linked in:
CPU: 1 PID: 143 Comm: kworker/u12:3 Not tainted 4.19.0-dbg+ #20
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
RIP: 0010:down_write+0x4d/0x60
Code: e8 88 6d 30 ff 48 89 df e8 90 ef 2f ff 48 8d bb 80 00 00 00 e8 c4 58 56 ff 8b 93 80 00 00 00 58 85 d2 75 06 48 8b 5d f8 c9 c3 <0f> 0b 48 8b 5d f8 c9 c3 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44
RSP: 0000:ffff88010e2d7970 EFLAGS: 00010202
RAX: ffffffff8137f2b9 RBX: ffff8801170f9a58 RCX: ffffffff81e550dc
RDX: 0000000000000001 RSI: dffffc0000000000 RDI: ffff8801170f9ad8
RBP: ffff88010e2d7978 R08: 0000000000000001 R09: 0000000000000000
R10: ffff88010e2d78f0 R11: ffffed0022e1f35c R12: ffff880113f3cc60
R13: ffff88010e0e93f0 R14: ffff8801170f84e0 R15: ffff8801170f9a50
FS:  0000000000000000(0000) GS:ffff88011b640000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000002c13001 CR4: 00000000003606e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 __anon_vma_prepare+0x89/0x230
 __handle_mm_fault+0x1463/0x1590
 handle_mm_fault+0x20c/0x4d0
 __get_user_pages+0x302/0x960
 get_user_pages_remote+0x137/0x1f0
 copy_strings.isra.23+0x31a/0x600
 copy_strings_kernel+0x6b/0xa0
 __do_execve_file.isra.35+0xb60/0x1120
 do_execve+0x25/0x30
 call_usermodehelper_exec_async+0x26e/0x280
 ret_from_fork+0x24/0x30
irq event stamp: 64
hardirqs last enabled at (63): [<ffffffff813b5e65>] __slab_alloc.isra.56+0x65/0x90
hardirqs last disabled at (64): [<ffffffff81002768>] trace_hardirqs_off_thunk+0x1a/0x1c
softirqs last enabled at (0): [<ffffffff810b3952>] copy_process.part.34+0xb52/0x3af0
softirqs last disabled at (0): [<0000000000000000>] (null)

Please let me know if you need more information.

Bart.